releases/4.6.5/alsa-echoaudio-fix-memory-allocation.patch

   1 From 9c6795a9b3cbb56a9fbfaf43909c5c22999ba317 Mon Sep 17 00:00:00 2001
   2 From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
   3 Date: Mon, 27 Jun 2016 21:06:51 +0200
   4 Subject: ALSA: echoaudio: Fix memory allocation
   5
   6 From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
   7
   8 commit 9c6795a9b3cbb56a9fbfaf43909c5c22999ba317 upstream.
   9
  10 'commpage_bak' is allocated with 'sizeof(struct echoaudio)' bytes.
  11 We then copy 'sizeof(struct comm_page)' bytes in it.
  12 On my system, smatch complains because one is 2960 and the other is 3072.
  13
  14 This would result in memory corruption or a oops.
  15
  16 Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
  17 Signed-off-by: Takashi Iwai <tiwai@suse.de>
  18 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  19
  20 ---
  21  sound/pci/echoaudio/echoaudio.c |    4 ++--
  22  1 file changed, 2 insertions(+), 2 deletions(-)
  23
  24 --- a/sound/pci/echoaudio/echoaudio.c
  25 +++ b/sound/pci/echoaudio/echoaudio.c
  26 @@ -2200,11 +2200,11 @@ static int snd_echo_resume(struct device
  27         u32 pipe_alloc_mask;
  28         int err;
  29
  30 -       commpage_bak = kmalloc(sizeof(struct echoaudio), GFP_KERNEL);
  31 +       commpage_bak = kmalloc(sizeof(*commpage), GFP_KERNEL);
  32         if (commpage_bak == NULL)
  33                 return -ENOMEM;
  34         commpage = chip->comm_page;
  35 -       memcpy(commpage_bak, commpage, sizeof(struct comm_page));
  36 +       memcpy(commpage_bak, commpage, sizeof(*commpage));
  37
  38         err = init_hw(chip, chip->pci->device, chip->pci->subsystem_device);
  39         if (err < 0) {